On Wed, 2008-12-03 at 08:46 -0500, Steve Grubb wrote: > > > Another question is how I can use audisp-remote to send events > somewhere > > remote? > > Assuming you are using Fedora, to set this up on client machines, you > will need to install the audispd-plugins package. Then you need to set > the remote_server and port in the /etc/audisp/audisp-remote.conf > file. (trivial) also set: active = yes in /etc/audisp/plugins.d/au-remote.conf and see "TIPS" in audisp-remote(8) man page